An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0bfeae904f970d08dabdaa8a014eee4efca75639721f7dd9c6b4b2fd1e02c43fAn exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.
f3e9e439a12b70a96bfeb02d461beccb29bf0fda4eae49519ccb97a1479c0998An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability.
7446e3c936f9c136b678adfb1f9ae27d1dee0b2057e87e5de249142841de43f3An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
af5b23fa20f418a3ae4846c607a1b417e1e10c46d2de2f3be018020bcadeb4d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed